Received: by 2002:ac0:a582:0:0:0:0:0 with SMTP id m2-v6csp3924161imm; Mon, 8 Oct 2018 11:46:07 -0700 (PDT) X-Google-Smtp-Source: ACcGV60TI4w8gHYvzwg9kcMTpyd/YrfPZ/02qb4sW9SkJSotgQeSdp+oiZBCzvdi0Su0scDbYMEX X-Received: by 2002:a63:d34f:: with SMTP id u15-v6mr22336503pgi.325.1539024367898; Mon, 08 Oct 2018 11:46:07 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539024367; cv=none; d=google.com; s=arc-20160816; b=uNf1bk9AeQFaCss8/hOqn3BlZzLG8YkaLnH1ac5WynVCYMcBJOZNh0jsKlV6ZXWERR qx4WtChzbtCsbds0aFXUozxN6/IUo7ARmzpmAkwJH2WSq2K3R3KY7qcRBIx1/HPVNyr3 olgOA4tCuUzxPEeS9Gz7LT4F5+0r18LbsHOz3NXKdpKBcxG+DEC0Q4+l7oD3gLvy8QhD 6TziYYewATqCYH6FKtz9Ej2/AgxNgxSQh8RlosgAs6e692b4ZEqnslYD95fGgxJ7LovK E+mJ+PoUZT1CANTd/ovGVj9OkhrbapK3O0njxIc0FNqJesuJI9ko1UbXlRlaeIShGhNj 1SAA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=cB4X2UFLPpjK8K0EjELmVceYnlVX9Espd2XcqgF+EVs=; b=pprbXCE9waCKFCVBaLtwE75gsdTb0Dghc1H+JG0Q1sz8vX5FOJfJbXFcZhoNTgnXB6 6bFOy5rJ3Q5v6U4KHKF541q1DMfTI+spS5WerDB6gmuxOeAlo466rRW6JJyCvOMwI8sx CXf+RTg3HREK1y5u2V3HF2GdZijW+AG2oOpQyJrUdVH9nm63zVJ1Cuv+H01PjlnIrZkh uF79KHrMbwJQZAP/aRu919OcNVDzuagtBtc7wwDrm/JAjlFLJU6/UssAeBZY1D/SP1sS iZwPlp6v8g1D0EpRIqBDRlumheC8GlQEDaHAOnj6erZ+bW3YR73/zSXjjQgY4KSOsWOJ /a8g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=Rnbpt4LY; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id i1-v6si17762921plt.108.2018.10.08.11.45.52; Mon, 08 Oct 2018 11:46:07 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=Rnbpt4LY; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730715AbeJIB5Y (ORCPT + 99 others); Mon, 8 Oct 2018 21:57:24 -0400 Received: from mail.kernel.org ([198.145.29.99]:45322 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730357AbeJIB5Y (ORCPT ); Mon, 8 Oct 2018 21:57:24 -0400 Received: from localhost (ip-213-127-77-176.ip.prioritytelecom.net [213.127.77.176]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 03A8D2064A; Mon, 8 Oct 2018 18:44:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1539024258; bh=hbhkN02lOBPfQsbiFKkGnorTh4OldLXSEl0DQPVhFfg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Rnbpt4LYLF4INrADRnf79QsTTzHlPH84S9xnNjJzbHjuNS/7GBtxKde3gGe3LR2oD XmfVoYmO/wDIsEtVcIDEe83CFoTXbfK9CbEyCC430tfa9W/Vikde6LIJTdIOdKcpfr i8RdxV0jxonmUJlf7IqFlvNXZeu560VKN7y7S/ZY= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Julian Wiedmann , "David S. Miller" , Sasha Levin Subject: [PATCH 4.14 74/94] s390/qeth: dont dump past end of unknown HW header Date: Mon, 8 Oct 2018 20:31:55 +0200 Message-Id: <20181008175610.066737689@linuxfoundation.org> X-Mailer: git-send-email 2.19.0 In-Reply-To: <20181008175605.067676667@linuxfoundation.org> References: <20181008175605.067676667@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.14-stable review patch. If anyone has any objections, please let me know. ------------------ From: Julian Wiedmann [ Upstream commit 0ac1487c4b2de383b91ecad1be561b8f7a2c15f4 ] For inbound data with an unsupported HW header format, only dump the actual HW header. We have no idea how much payload follows it, and what it contains. Worst case, we dump past the end of the Inbound Buffer and access whatever is located next in memory. Signed-off-by: Julian Wiedmann Signed-off-by: David S. Miller Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- drivers/s390/net/qeth_l2_main.c | 2 +- drivers/s390/net/qeth_l3_main.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) --- a/drivers/s390/net/qeth_l2_main.c +++ b/drivers/s390/net/qeth_l2_main.c @@ -484,7 +484,7 @@ static int qeth_l2_process_inbound_buffe default: dev_kfree_skb_any(skb); QETH_CARD_TEXT(card, 3, "inbunkno"); - QETH_DBF_HEX(CTRL, 3, hdr, QETH_DBF_CTRL_LEN); + QETH_DBF_HEX(CTRL, 3, hdr, sizeof(*hdr)); continue; } work_done++; --- a/drivers/s390/net/qeth_l3_main.c +++ b/drivers/s390/net/qeth_l3_main.c @@ -1793,7 +1793,7 @@ static int qeth_l3_process_inbound_buffe default: dev_kfree_skb_any(skb); QETH_CARD_TEXT(card, 3, "inbunkno"); - QETH_DBF_HEX(CTRL, 3, hdr, QETH_DBF_CTRL_LEN); + QETH_DBF_HEX(CTRL, 3, hdr, sizeof(*hdr)); continue; } work_done++;